test: use systemd-asan-env environment file at more places

2026-04-14 00:14:32 +09:00 · 2024-12-08 04:01:48 +09:00
parent 456727b5d4
commit d2d006cc8c
3 changed files with 29 additions and 14 deletions
--- a/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-coredump@.service.d/10-asan.conf
+++ b/mkosi.sanitizers/mkosi.extra/usr/lib/systemd/system/systemd-coredump@.service.d/10-asan.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Service]
+# systemd-coredump may call get_user_creds(), which may pull in instrumented
+# systemd NSS modules and may trigger fatal LSAN error.
+EnvironmentFile=-/usr/lib/systemd/systemd-asan-env
--- a/test/units/TEST-07-PID1.exec-context.sh
+++ b/test/units/TEST-07-PID1.exec-context.sh
@@ -349,18 +349,18 @@ if [[ ! -v ASAN_OPTIONS ]] && systemctl --version | grep "+BPF_FRAMEWORK" && ker
    (! systemd-run --wait --pipe -p RestrictFileSystems="~proc devtmpfs sysfs" ls /sys)
 fi

-if [[ ! -v ASAN_OPTIONS ]]; then
-    # Ensure DynamicUser=yes does not imply PrivateTmp=yes if TemporaryFileSystem=/tmp /var/tmp is set
-    systemd-run --unit test-07-dynamic-user-tmp.service \
-                --service-type=notify \
-                -p DynamicUser=yes \
-                -p NotifyAccess=all \
-                sh -c 'touch /tmp/a && touch /var/tmp/b && ! test -f /tmp/b && ! test -f /var/tmp/a && systemd-notify --ready && sleep infinity'
-    (! ls /tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null)
-    (! ls /var/tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null)
-    systemctl is-active test-07-dynamic-user-tmp.service
-    systemctl stop test-07-dynamic-user-tmp.service
-fi
+# Ensure DynamicUser=yes does not imply PrivateTmp=yes if TemporaryFileSystem=/tmp /var/tmp is set
+systemd-run \
+    --unit test-07-dynamic-user-tmp.service \
+    --service-type=notify \
+    -p DynamicUser=yes \
+    -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
+    -p NotifyAccess=all \
+    sh -c 'touch /tmp/a && touch /var/tmp/b && ! test -f /tmp/b && ! test -f /var/tmp/a && systemd-notify --ready && sleep infinity'
+(! ls /tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null)
+(! ls /var/tmp/systemd-private-"$(tr -d '-' < /proc/sys/kernel/random/boot_id)"-test-07-dynamic-user-tmp.service-* &>/dev/null)
+systemctl is-active test-07-dynamic-user-tmp.service
+systemctl stop test-07-dynamic-user-tmp.service

 # Make sure we properly (de)serialize various string arrays, including whitespaces
 # See: https://github.com/systemd/systemd/issues/31214
@@ -401,7 +401,16 @@ mkdir /tmp/root
 touch /tmp/root/foo
 chmod +x /tmp/root/foo
 (! systemd-run --wait --pipe false)
-(! systemd-run --wait --pipe --unit "test-dynamicuser-fail" -p DynamicUser=yes -p WorkingDirectory=/nonexistent true)
+if [[ ! -v ASAN_OPTIONS ]]; then
+    # Here, -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env does not work,
+    # as sd-executor loads NSS module and fails before applying the environment:
+    # (true)[660]: test-dynamicuser-fail.service: Changing to the requested working directory failed: No such file or directory
+    # (true)[660]: test-dynamicuser-fail.service: Failed at step CHDIR spawning /usr/bin/true: No such file or directory
+    # TEST-07-PID1.sh[660]: ==660==LeakSanitizer has encountered a fatal error.
+    # TEST-07-PID1.sh[660]: ==660==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
+    # TEST-07-PID1.sh[660]: ==660==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
+    (! systemd-run --wait --pipe --unit "test-dynamicuser-fail" -p DynamicUser=yes -p WorkingDirectory=/nonexistent true)
+fi
 (! systemd-run --wait --pipe -p RuntimeDirectory=not-a-directory true)
 (! systemd-run --wait --pipe -p RootDirectory=/tmp/root this-shouldnt-exist)
 (! systemd-run --wait --pipe -p RootDirectory=/tmp/root /foo)
--- a/test/units/TEST-07-PID1.issue-14566.sh
+++ b/test/units/TEST-07-PID1.issue-14566.sh
@@ -6,7 +6,7 @@ set -o pipefail
 # Test that KillMode=mixed does not leave left over processes with ExecStopPost=
 # Issue: https://github.com/systemd/systemd/issues/14566

-if [[ -n "${ASAN_OPTIONS:-}" ]]; then
+if [[ -v ASAN_OPTIONS ]]; then
    # Temporarily skip this test when running with sanitizers due to a deadlock
    # See: https://bugzilla.redhat.com/show_bug.cgi?id=2098125
    echo "Sanitizers detected, skipping the test..."